In 2025 on June 21st, CoinMarketCap had a security breach which sent shockwaves through the crypto space. A malevolent code was added to the very used tracking platform by the hackers. Consequently, this presented phony “Verify Wallet” popups to the users. The pop-ups were made to look like the real wallet requests. This tricked users into handing over their token access. The phishing attack played on CoinMarketCap’s trust. As a result, users saw their ERC-20 tokens drained.
Within 3 hours, the team at CoinMarketCap had removed the injected code following the breach. They also issued a report. “We have identified and removed the malicious code,” the platform reported on X. Still, many questioned how the CoinMarketCap security breach went undetected. They also queried what it means for Web3 security.
Highlights ERC-20 Risks
At CoinMarketCap, an attack took advantage of what users often do. This involves giving out infinite ERC-20 approvals. These approvals are an everyday thing in DeFi. However, they can be turned against you if misused. Attackers used the pop-up to get wallet access from users, highlighting the risks in CoinMarketCap security breaches. As a result, they accessed ERC-20 tokens without the users’ knowledge.
Affected users reported that they shared screens of what happened. They also described the popups as being very much like trusted DeFi applications. The security team dealt with known phishing tactics. That is to say, the attack played on trust and urgency to get users to react. Also in the security response were Phantom and MetaMask, while Jameson Lopp highlighted the risks on X. They did very well in containing the issue. However, large-scale crypto platforms remain on alert for another possible CoinMarketCap security breach.
CoinMarketCap Security Breach Underscores Industry Gaps
This is not the first time for a CoinMarketCap security breach. In 2021, the platform had a data leak which made public over 3.1 million user emails. Although in this latest attack no reports of user funds being stolen, the trust issue is very much present.
Phishing is a growing issue. It also reports to be of large scale on popular widely used platforms. Experts advise reducing approvals, using revoke cash for token authorizations, and checking into each prompt to prevent CoinMarketCap security breaches.
CoinMarketCap has announced that they will be going forward with security improvements to prevent future breaches. The breach is also a very important issue as it brings to light the fact that any platform, no matter its reputation, is vulnerable.
